From patchwork Wed Dec 18 13:04:45 2024
X-Patchwork-Submitter: Qi Zheng
X-Patchwork-Id: 13913620
From: Qi Zheng
To: peterz@infradead.org, tglx@linutronix.de, david@redhat.com, jannh@google.com, hughd@google.com, yuzhao@google.com, willy@infradead.org, muchun.song@linux.dev, vbabka@kernel.org, lorenzo.stoakes@oracle.com, akpm@linux-foundation.org, rientjes@google.com, vishal.moola@gmail.com
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Qi Zheng, x86@kernel.org
Subject: [PATCH v2 09/15] x86: pgtable: move pagetable_dtor() to __tlb_remove_table()
Date: Wed, 18 Dec 2024 21:04:45 +0800
Message-Id: <8c0d97d2a538cafb94cf30f5c94a84a0f93f2f4f.1734526570.git.zhengqi.arch@bytedance.com>

Move pagetable_dtor() to __tlb_remove_table(), so that ptlock and page table pages can be freed together (regardless of whether RCU is used). This prevents the use-after-free problem where the ptlock is freed immediately but the page table pages are freed later via RCU.

Page tables shouldn't have swap cache, so use pagetable_free() instead of free_page_and_swap_cache() to free page table pages.

Signed-off-by: Qi Zheng
Suggested-by: Peter Zijlstra (Intel)
Cc: x86@kernel.org
--- arch/x86/include/asm/tlb.h | 17 ++++++++++------- arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/pgtable.c | 12 ++---------- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/arch/x86/include/asm/tlb.h b/arch/x86/include/asm/tlb.h index 73f0786181cc9..f64730be5ad67 100644 --- a/arch/x86/include/asm/tlb.h +++ b/arch/x86/include/asm/tlb.h @@ -31,24 +31,27 @@ static inline void tlb_flush(struct mmu_gather *tlb) */ static inline void __tlb_remove_table(void *table) { - free_page_and_swap_cache(table); + struct ptdesc *ptdesc = (struct ptdesc *)table; + + pagetable_dtor(ptdesc); + pagetable_free(ptdesc); } #ifdef CONFIG_PT_RECLAIM static inline void __tlb_remove_table_one_rcu(struct rcu_head *head) { - struct page *page; + struct ptdesc *ptdesc; - page = container_of(head, struct page, rcu_head); - put_page(page); + ptdesc = container_of(head, struct ptdesc, pt_rcu_head); + __tlb_remove_table(ptdesc); } static inline void __tlb_remove_table_one(void *table) { - struct page *page; + struct ptdesc *ptdesc; - page = table; - call_rcu(&page->rcu_head, __tlb_remove_table_one_rcu); + ptdesc = table; + call_rcu(&ptdesc->pt_rcu_head, __tlb_remove_table_one_rcu); } #define __tlb_remove_table_one __tlb_remove_table_one #endif /* CONFIG_PT_RECLAIM */ diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 7bdcf152778c0..46d5d325483b0 100644 --- a/arch/x86/kernel/paravirt.c 
+++ b/arch/x86/kernel/paravirt.c @@ -62,6 +62,7 @@ void __init native_pv_lock_init(void) #ifndef CONFIG_PT_RECLAIM static void native_tlb_remove_table(struct mmu_gather *tlb, void *table) { + pagetable_dtor(table); tlb_remove_page(tlb, table); } #else diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index a6cd9660e29ec..a0b0e501ba663 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -23,6 +23,7 @@ EXPORT_SYMBOL(physical_mask); static inline void paravirt_tlb_remove_table(struct mmu_gather *tlb, void *table) { + pagetable_dtor(table); tlb_remove_page(tlb, table); } #else @@ -60,7 +61,6 @@ early_param("userpte", setup_userpte); void ___pte_free_tlb(struct mmu_gather *tlb, struct page *pte) { - pagetable_dtor(page_ptdesc(pte)); paravirt_release_pte(page_to_pfn(pte)); paravirt_tlb_remove_table(tlb, pte); } @@ -68,7 +68,6 @@ void ___pte_free_tlb(struct mmu_gather *tlb, struct page *pte) #if CONFIG_PGTABLE_LEVELS > 2 void ___pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd) { - struct ptdesc *ptdesc = virt_to_ptdesc(pmd); paravirt_release_pmd(__pa(pmd) >> PAGE_SHIFT); /* * NOTE! For PAE, any changes to the top page-directory-pointer-table @@ -77,16 +76,12 @@ void ___pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd) #ifdef CONFIG_X86_PAE tlb->need_flush_all = 1; #endif - pagetable_dtor(ptdesc); - paravirt_tlb_remove_table(tlb, ptdesc_page(ptdesc)); + paravirt_tlb_remove_table(tlb, virt_to_page(pmd)); } #if CONFIG_PGTABLE_LEVELS > 3 void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud) { - struct ptdesc *ptdesc = virt_to_ptdesc(pud); - - pagetable_dtor(ptdesc); paravirt_release_pud(__pa(pud) >> PAGE_SHIFT); paravirt_tlb_remove_table(tlb, virt_to_page(pud)); } 
@@ -94,9 +89,6 @@ void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud) #if CONFIG_PGTABLE_LEVELS > 4 void ___p4d_free_tlb(struct mmu_gather *tlb, p4d_t *p4d) { - struct ptdesc *ptdesc = virt_to_ptdesc(p4d); - - pagetable_dtor(ptdesc); paravirt_release_p4d(__pa(p4d) >> PAGE_SHIFT); paravirt_tlb_remove_table(tlb, virt_to_page(p4d)); }